FINAL NOTICE

1.
ACTION

1.1.
For the reasons given in this Notice and pursuant to section 66 of the Financial
Services and Markets Act 2000 (the Act), the FSA hereby imposes a financial penalty
of £17,500 on Mr Hussain on the grounds that between 15 December 2007 and 15
November 2010 (“the Relevant Period”) he failed to comply with Statement of
Principle 7 of the FSA’s Statements of Principle and Code of Practice for Approved
Persons (“Statements of Principle”).

1.2.
Mr Hussain agreed to settle at an early stage of the FSA’s investigation. He therefore
qualified for a 30% (Stage 1) discount under the FSA’s executive settlement
procedures. Were it not for this discount, the FSA would have imposed a financial
penalty of £25,000 on Mr Hussain.

2.
SUMMARY OF REASONS

2.1.
On the basis of the facts and matters set out below, the FSA has taken this action
against Mr Hussain as a result of his conduct in performing the money laundering
reporting (CF11) controlled function at Habib Bank AG Zurich (“Habib”). Mr

Hussain formally ceased to hold this function on 10 February 2012, although he had
ceased to act in this role from May 2011.

2.2.
In performing the money laundering reporting controlled function, Mr Hussain had
responsibility for and oversight of Habib’s compliance with the FSA’s requirements
relating to the establishment and maintenance of adequate AML systems and controls.

2.3.
During the Relevant Period Mr Hussain, as an approved person performing a
significant influence function, failed to comply with Statement of Principle 7 by
failing to take reasonable steps to ensure that the business of Habib for which he was
responsible in his controlled function complied with the relevant requirements and
standards of the regulatory system.

2.4.
Mr Hussain’s failings as Money Laundering Reporting Officer (“MLRO”) continued
for a period of almost three years and created an unacceptable risk that Habib could
have handled the proceeds of crime. In particular, Mr Hussain failed to take
reasonable steps to ensure that Habib:

a)
established and maintained adequate procedures for assessing the level of
money laundering risk posed by prospective and existing customers (including
maintaining a flawed High Risk Country List);

b)
conducted sufficient enhanced due diligence (“EDD”) in relation to higher risk
customers;

c)
carried out adequate reviews of its AML systems and controls; and

d)
revised its training adequately to address shortcomings in its AML practice
which he had identified and maintained sufficient records of staff completion
of AML training and of all AML steps taken on individual customer accounts.

2.5.
As part of its investigation, the FSA reviewed a sample of 68 of Habib’s customer
files which had been opened and retrospectively checked by Mr Hussain during the
Relevant Period. Despite Mr Hussain as Habib’s MLRO personally checking each of
the files, the FSA found that 46 of the 68 files it reviewed contained one or more of
the following failings:

(a)
the customer’s account had been inappropriately regarded as normal risk rather
than higher risk;

(b)
the EDD conducted was inadequate; and/or

(c)
EDD had not been conducted prior to transactions occurring on the account.

2.6.
These failings were particularly serious because:

(a)
approximately 45% of Habib’s 15,500 customers were based outside the UK
and these customers accounted for 70% of its deposits. Moreover,
approximately one third of Habib’s customers (and approximately 50% of
Habib’s deposits) came from jurisdictions which did not have AML
requirements equivalent to those in the UK and/or carried a higher risk of

money laundering because they were perceived to have greater levels of
corruption (such as Pakistan, from where almost 20% of Habib’s customers
originated). It was therefore particularly important that Habib had effective
systems and controls to prevent and detect money laundering given that it acted
as a gateway to the UK financial system for international customers and
regularly did business with customers from jurisdictions which presented a
higher risk of money laundering;

(b)
Mr Hussain’s failure to recognise that Habib’s policy of excluding Pakistan and
Kenya from its High Risk Country List was seriously misconceived as the
higher risk of money laundering they presented was not negated by Habib’s
physical presence in those countries or any specialist knowledge of them. When
Habib added Pakistan and Kenya to its High Risk Country List in November
2010 following the recommendation of a skilled person required by the FSA to
report on various AML matters, it resulted in the reclassification of 170
accounts from normal to higher risk. This represented approximately 8% of the
number of higher risk accounts operated by Habib during the Relevant Period;

(c)
Mr Hussain’s failings continued for a period of almost three years; and

(d)
the FSA has repeatedly stressed the importance of effective AML controls
through its Financial Crime Newsletters, speeches and other communications
and the failings in this Notice occurred in a period during which the FSA
brought and published other Enforcement cases against regulated firms and
against MLROs for failing to meet the FSA’s AML requirements.

2.7.
The FSA has also taken into account the following matters in relation to Mr Hussain:

(a)
Mr Hussain has confirmed that at the age of 67 he has now retired from
working in the financial services industry; and

(b)
Mr Hussain has co-operated fully with the FSA’s investigation.

2.8
The FSA has concluded that the nature and seriousness of the failings outlined above
warrant the imposition of a financial penalty. The FSA therefore imposes a financial
penalty of £17,500 on Mr Hussain.

2.9
This action supports the FSA's statutory objectives of the reduction of financial crime
and the maintenance of confidence in the financial system.

3.
DEFINITIONS

3.1.
The following terms and related definitions are used in this Final Notice:

“the ML Regulations” means the Money Laundering Regulations 2007;

“the Act” means the Financial Services and Markets Act 2000;

“AML” means anti-money laundering;

“APER” means the FSA’s Statements of Principle and Code of Practice for Approved
Persons;

“beneficial owner” means the term as defined in Regulation 6 of the ML
Regulations;

“CP Index” means the Corruption Perception Index published by Transparency
International;

“DEPP” means the FSA’s Decisions Procedure and Penalties manual;

“EDD” means enhanced due diligence measures. The circumstances where EDD
should be applied are included in Regulation 14 of the ML Regulations;

“the FSA” means the Financial Services Authority;

“Habib” means Habib Bank AG Zurich;

“High Risk Country” means a country included in Habib’s High Risk Country List;

“High Risk Country List” means Habib’s list from time to time of High Risk
Countries;

“JMLSG” means the Joint Money Laundering Steering Group;

“JMLSG Guidance” means the guidance issued by the JMLSG in December 2007 on
compliance with the legal requirements in the ML Regulations, regulatory
requirements in the FSA Handbook and evolving practice within the financial services
industry. Similar provisions were also contained in the subsequent version of the
Guidance, dated December 2009;

“money laundering” means as defined in the FSA Handbook Glossary;

“money laundering risk” means the risk, as described at SYSC 6.3.2G, that a firm
may be used to further money laundering. Failure by a firm to manage this risk
effectively will increase the risk to society of crime and terrorism;

“MLRO” means money laundering reporting officer holding the CF11 control
function;

“PEP” means a politically exposed person. A PEP is defined in the ML Regulations
as “an individual who is or has, at any time in the preceding year, been entrusted with
a prominent public function by: i) a state other then the UK; ii) a European
Community institution; or iii) an international body”. The definition includes the
immediate family members and known close associates of such a person;

“the Relevant Period” means the period from 15 December 2007 to 15 November
2010; and

“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber).

4.
FACTS AND MATTERS

4.1.
Throughout the Relevant Period, Mr Hussain was the Zonal Compliance Officer and
MLRO of Habib, a privately owned Swiss bank. As MLRO Mr Hussain was
approved to perform controlled function CF11 (money laundering reporting), a
significant influence function.

4.2.
Habib’s operations during the Relevant Period consisted of twelve branches in the UK
with a total of approximately 15,500 account holders and approximately 200 staff.
Habib offered deposit products (including current accounts and term deposits), private
banking, trade finance, correspondent banking, and other products (such as remittance
services) to personal and corporate customers. Habib’s primary sources of new
business were referrals from existing customers or from staff, existing customers
referred from overseas group branches, and existing customers seeking new or
additional products and services. Habib has been authorised by the FSA since 1

December 2001.

4.3.
During the Relevant Period, approximately 45% of Habib’s customers were based
outside the UK. Habib’s target markets included East Africa and South Asia.

4.4.
As MLRO, Mr Hussain had responsibility for oversight of Habib’s compliance with
the FSA’s rules on systems and controls against money laundering. It was also his job
as the MLRO to act as the focal point for all activity within the firm relating to anti-
money laundering matters.

Inadequate risk assessment

4.5.
During the Relevant Period, Mr Hussain oversaw and continued to indicate his
approval of Habib’s risk assessment procedure whereby customers’ accounts were
automatically regarded as higher risk if they met certain specified criteria (for
example, customers who were PEPs, unregistered charities or money service
businesses) or accumulated three or more points.

4.6.
The basic risk scoring criteria were:

(a)
one point if the customer (or the beneficial owner(s) of the account) was a
national of a High Risk Country, as included in Habib’s High Risk Country
List;

(b)
two points if the customer was domiciled in a High Risk Country; and

(c)
two points if the volume of assets (i.e. balance) in the account was over certain
thresholds (namely £250,000 for personal accounts, £500,000 for corporate
accounts and £1 million for private banking accounts).

4.7.
Habib’s policy during the Relevant Period was to compile its High Risk Country List
by reference to the prevailing CP Index. All countries with a score below three on the
CP Index were to be included, with the significant exception of any country in which
Habib had a group office. As a result, Pakistan and Kenya were excluded from the

High Risk Country List throughout the Relevant Period even though they had CP
Index scores below three. Mr Hussain explained that the rationale for the exclusion of
these countries (which was a policy initiated prior to the Relevant Period), was that
Habib had “specialist knowledge” of them as regions in which it operated. Mr
Hussain personally approved this policy.

4.8.
Mr Hussain failed to ensure that Habib had in place an appropriate risk assessment
process for which as MLRO he was personally responsible for establishing and
maintaining. In particular:

a)
Habib’s policy of excluding Pakistan (from where almost 20% of Habib’s
customers originated) and Kenya from its High Risk Country List was
seriously misconceived as the higher risk of money laundering presented by
these jurisdictions was not negated by Habib’s physical presence in those
countries or any specialist knowledge of them (although specialist knowledge
may assist to identify and manage such risks). This policy had the effect that,
for accounts where the risk scoring criteria applied, customers who were
domiciled in, or nationals of, Pakistan and Kenya were treated as having the
same risk profile as those from a country with a lower perceived risk of
corruption, such as customers based in Norway or New Zealand. When Habib
added Pakistan and Kenya to its High Risk Country List in November 2010
following the recommendation of a skilled person required by the FSA to
report on various AML matters, the classification of approximately 170
accounts were changed from normal to higher risk as a result. This
represented approximately 8% of the number of higher risk accounts operated
by Habib during the Relevant Period;

b)
other countries with a CP Index score below three were omitted in error from
the High Risk Country List which Mr Hussain was responsible for maintaining
and updating. The Maldives and Mauritania had scores below three in the
2008 and 2009 CP Indexes but were not included. Further, Gabon, Kiribati
and Tanzania (the latter from which Habib had approximately 160 customers)
all had scores below three in the 2009 CP Index but were not included in
Habib’s subsequent 2010 High Risk Country List;

c)
Mr Hussain was unable to provide any justification or rationale behind
Habib’s selection of a score of three on the CP Index as its cut-off point.
Given Habib’s customer base and product range and in light of the overall
approach which Habib took to risk assessing accounts, a score of below three
on the CP Index was too low a threshold for determining which countries were
high risk. This had the effect that some customers who potentially presented a
higher risk of money laundering by reason of their domicile or nationality (for
example, from Madagascar, Sri Lanka and India which had scores of 3, 3.1
and 3.4 respectively in the 2009 CP Index) were inappropriately treated as
normal risk by default;

d)
Mr Hussain was aware of the shortcomings of relying solely on the CP Index
as a basis for Habib’s High Risk Country List but nonetheless approved this
approach. Mr Hussain should have been aware that relying solely on the CP
Index was not appropriate. The CP Index does not assess the level of

perceived corruption for every jurisdiction globally and did not cover some
jurisdictions from which Habib had customers (for example, Anguilla and the
Turks & Caicos Islands). Mr Hussain had been a party to discussions at a
Habib Annual Compliance Officers Conference in 2007 which included
recognition of the disadvantages of relying on the CP Index as the sole basis
for the High Risk Country List. Notwithstanding this, Mr Hussain approved,
implemented and maintained a High Risk Country List that relied solely on
the CP Index. As a result, Habib treated such jurisdictions as normal risk by
default, without undertaking any analysis of the prevailing risk of money
laundering presented by them;

e)
Mr Hussain failed to ensure that Habib considered and assessed whether the
following types of customer (which the JMLSG Guidance suggests are
examples of higher risk situations) should be regarded as higher risk:

i
companies incorporated in off-shore jurisdictions as non-resident
companies with no local operations but managed from another country;

ii
companies registered in high risk jurisdictions;

iii
where beneficial owners with a significant interest in a corporate
customer were resident in a high risk jurisdiction; and

iv
those who were not physically present for identification purposes;

f)
Habib’s procedures failed to take any account of the jurisdiction in which
corporate customers were operating. For example, a company incorporated in
the UK but which had operations in Sudan or Zimbabwe would not have been
assessed any differently from a UK company with exclusively UK operations;
and

g)
Mr Hussain failed to conduct any, or any sufficient, analysis to ensure that the
financial parameters used by Habib within its risk scoring system were at an
appropriate level to identify adequately customers who posed a higher risk of
money laundering.

4.9.
The file review conducted by the FSA of 68 of Habib’s customer accounts, each of
which had been subjected to retrospective checks by Mr Hussain as MLRO during his
branch audit visits, found that:

(a)
15 corporate accounts represented a higher risk of money laundering due to
the structure and domicile of the legal entity and/or the nature or location of
the customers’ business activities, but had been inappropriately graded as
normal risk; and

(b)
eight accounts were erroneously graded as normal risk despite Habib having
gathered information which indicated that the customer did or would meet
higher risk criteria.

In addition, 11 accounts would have met Habib’s higher risk criteria had Pakistan and
Kenya been included in the High Risk Country List.

7


Inadequate EDD

4.10. Habib’s EDD arrangements, as established and maintained by Mr Hussain, were
inadequate as:

(a)
Habib’s procedures failed to require that customers who were not physically
present for identification purposes were to be classified as higher risk and
accordingly needed to be subject to EDD and enhanced ongoing monitoring;
and

(b)
The FSA found in its file review that EDD had been conducted on 34 files (i.e.
those which Habib had regarded as higher risk) and that of these 34 files:

(i)
in 21 files the information gathered by Habib during the EDD process
was either insufficient (particularly regarding the customer or
beneficial owner’s source of wealth and source of funds) and/or not
supported by appropriate evidence. For example, where a customer’s
source of wealth or funds was stated to be the proceeds of a property
sale, Habib did not obtain any evidence of the ownership of the
property, the occurrence of a sale or the arising proceeds. On other
files, where Habib (who applied a wider definition of PEPs than
required by the ML Regulations) categorised customers as PEPs on the
basis of their connection with a person holding public office (who was
thereby a PEP), the EDD it undertook focused on the person who held
public office and paid insufficient regard to the account holder and the
increased money laundering risk arising from that relationship. In
relation to one PEP, who was a customer from Pakistan, Habib was
aware of allegations regarding corruption but failed to take sufficient
steps to understand the allegations and assess the extent of the money
laundering risk posed by the account; and

(ii)
in 14 files, EDD was not completed in an appropriate timeframe and/or
was only conducted after transactions had already been processed on
the account.

4.11. By failing to take reasonable steps to ensure that Habib verified information from its
customers where appropriate, Mr Hussain exposed Habib to an increased risk of being
used to further money laundering. In addition, by Mr Hussain failing to take
reasonable steps to ensure that EDD was always conducted at the point that Habib
first considered an account to present a higher risk of money laundering, Habib was
unable to use such information to inform its decision as to how to mitigate the
increased money laundering risk (which might, in some instances, include declining
to open the account or discontinuing the business relationship). Failing to conduct
EDD in a timely manner leaves a firm under-informed of money laundering risk and
undermines its efforts to undertake adequate enhanced ongoing monitoring of
transactions.

4.12. Habib’s AML policy required that completed EDD forms be sent to Mr Hussain in his
capacity as Habib’s Zonal Compliance Officer. Mr Hussain also retrospectively

reviewed EDD forms as part of his branch audit visits. Mr Hussain therefore had
sight of each EDD form in which the FSA’s file review identified shortcomings.

Inadequate regular assessment of Habib’s AML arrangements

4.13. During the Relevant Period Mr Hussain’s assessments of Habib’s AML arrangements
were inadequate and he failed to ensure that Habib’s senior management received
appropriate information and analysis on the operation and effectiveness of its AML
systems and controls. In particular, the Annual Statements of Compliance which he
prepared (and which served as his annual reports to senior management):

(a)
provided descriptions of Habib’s policies and procedures rather than an
assessment of whether the arrangements had been adequate and effective in
practice over the previous year;

(b)
failed to justify the adequacy and effectiveness of, or even address at all,
Habib’s transaction monitoring arrangements (in particular the automated
monitoring thresholds); and

(c)
failed to justify the adequacy and effectiveness of, or even address at all,
Habib’s risk scoring arrangements (in particular the volume of assets
thresholds).

4.14. These omissions represented a failure by Mr Hussain to take reasonable steps to
ensure that Habib carried out regular assessments of the adequacy of its AML systems
and controls to ensure that they continued to enable Habib to identify, assess, monitor
and manage money laundering risk adequately and remain comprehensive and
proportionate to the nature, scale and complexity of its activities.

Inadequate AML training and record keeping

4.15. During the Relevant Period Mr Hussain regularly identified shortcomings in the AML
practice of various staff during his branch audit visits and reported these to senior
management for rectification. This would result in written requests from senior
management to branch managers for urgent rectification and/or clarification of the
matters identified. For example, Mr Hussain identified numerous deficiencies in
account opening procedures which required rectification by the branches at a number
of the Firm’s branches during his audit visits. However, Mr Hussain failed to take
reasonable steps to ensure that these findings were used to identify AML training
needs amongst staff and inform future training.

4.16. Habib assigned responsibility for planning and overseeing compliance training to Mr
Hussain as MLRO. This included ensuring that Habib’s AML training records were
accurate and up-to-date. However, the FSA’s investigation found that there were
discrepancies between Habib’s AML training records and the general training records
maintained for individual employees. Further, some staff were not recorded as having
attended AML training in line with Habib’s policy.

4.17. In addition, the FSA’s file review exercise also identified that Habib did not always
maintain sufficient records of all of the AML steps it took in relation to individual
customer accounts, including:

(a)
whether personal customers and the beneficial owners of non-resident
corporate customers had been physically present for identification; and

(b)
whether the risk classification of individual customer accounts had been re-
considered as part of regular account reviews.

4.18. Mr Hussain failed to take reasonable steps to ensure that sufficient records were kept
on each file of the AML steps that the firm had taken. The lack of clear records on
these matters made it difficult for the FSA to assess whether Habib had complied with
the relevant legal and regulatory requirements and its own policy.

5.
FAILINGS

5.1.
The regulatory provisions relevant to this Final Notice are referred to in the Appendix.

5.2.
Mr Hussain breached Statement of Principle 7 as he failed to take reasonable steps to
ensure that the business of Habib for which he was responsible in his controlled
function complied with the relevant requirements and standards of the regulatory
system. This included the failings in respect of Habib’s AML systems and controls set
out below.

Risk management and AML systems and controls

5.3.
Mr Hussain was responsible for establishing and maintaining Habib’s risk assessment
procedures in relation to AML which were inadequate in a number of respects. In
particular, Pakistan and Kenya were excluded from Habib’s High Risk Country List
on the basis that it had specialist knowledge of them. This was inappropriate as it did
not negate the higher risk of money laundering presented by these jurisdictions.
When Habib added Pakistan and Kenya to its High Risk Country List in November
2010, following the recommendation of a skilled person required by the FSA to report
on various AML matters, the risk classification of 170 accounts was changed from
normal to higher risk as a result. This represented approximately 8% of the number of
higher risk accounts operated by Habib during the Relevant Period.

5.4.
A number of other countries with a CP Index score below three were omitted, in error,
from the High Risk Country List. Mr Hussain was also unable to explain why a score
of three on the CP Index was chosen as the cut-off point for high risk. Given Habib’s
customer base and product range and in light of the overall approach which Habib
took to risk assessing accounts, this was too low a threshold for determining which
countries were high risk and meant that some customers who potentially presented a
higher risk of money laundering by reason of their domicile or nationality were
inappropriately treated by Habib as normal risk by default.

5.5.
Mr Hussain failed to consider and assess the increased risk posed by, for example,
corporate customers incorporated in off-shore jurisdictions as non-resident companies
with no local operations or companies operating in high risk jurisdictions.

5.6.
In addition, Habib’s EDD arrangements, as established and maintained by Mr
Hussain, were inadequate. For example, Habib’s procedures failed to require that
customers who were not physically present for identification purposes were to be

classified as higher risk and accordingly needed to be subject to EDD and enhanced
ongoing monitoring.

5.7.
Further, in a number of cases where EDD was conducted, Habib gathered insufficient
information (particularly regarding the customer or beneficial owner’s source of
wealth and source of funds) and/or did not support the information it gathered with
appropriate evidence. In a number of instances EDD was not completed within an
appropriate timeframe and/or was only conducted after transactions had already been
processed on the account.

Inadequate regular assessment of AML arrangements

5.8.
Mr Hussain’s assessments of Habib’s AML arrangements were inadequate and failed
to ensure that Habib’s senior management received appropriate information on the
operation and effectiveness of its AML systems and controls.

5.9.
The annual reports by Mr Hussain to senior management (Habib’s Annual Statements
of Compliance) did not assess whether the arrangements had been adequate and
effective in practice over the previous year. These reports also failed to address
Habib’s transaction monitoring arrangements (in particular the automated monitoring
thresholds) or its risk scoring arrangements (in particular the volume of assets
thresholds).

Inadequate AML training and record keeping

5.10. Mr Hussain failed to take reasonable steps to ensure that Habib used findings of
shortcomings which he had identified in the AML practices of various staff to identify
AML training needs amongst staff and inform future training.

5.11. Mr Hussain also failed to take reasonable steps to ensure that Habib kept sufficient
records of staff completion of AML training and of all AML steps taken on individual
customer accounts.

6.
SANCTION

Relevant guidance on sanction

6.1.
The FSA’s general approach in deciding whether to take action and determining the
appropriate level of financial penalties is set out in Chapter 6 of the Decision
Procedure & Penalties Manual (“DEPP”) which forms part of the FSA Handbook.
Since the majority of the misconduct occurred before the introduction of the FSA’s
new penalty regime on 6 March 2010, the FSA has applied the penalty regime that
was in place before that date. DEPP 6.5.2 G sets out factors that may be of particular
relevance in determining the appropriate level of financial penalty for a firm or
approved person. The criteria are not exhaustive and all relevant circumstances of the
case are taken into consideration in determining whether a financial penalty is
appropriate and the amount.

6.2.
The principal purpose for which the FSA imposes financial penalties is to promote
high standards of regulatory conduct by deterring those who have breached regulatory
requirements from committing further breaches, helping to deter others from

committing similar breaches and demonstrating generally the benefits of compliant
behaviour.

6.3.
The FSA has considered the disciplinary and other options available to it and has
concluded that a financial penalty is the appropriate sanction in the circumstances of
this particular case given the serious nature of the breaches, the unacceptable risk
created that Habib could have handled the proceeds of crime through its customer
relationships, and the need to strengthen the message to the industry that an MLRO,
who is a significant influence function holder, must take responsibility for ensuring
that the business for which he is responsible complies with the relevant regulatory
requirements.

6.4.
In deciding the appropriate penalty, the FSA considered the factors outlined below to
be particularly relevant.

6.5.
In determining the appropriate level of penalty, the FSA has had regard to the need to
promote high standards of regulatory conduct by deterring those who have committed
breaches from committing further breaches and to help to deter others from
committing similar breaches.

Seriousness of the breaches

6.6.
The FSA has had regard to the seriousness of the breaches, including the nature of the
requirements breached and the number and the duration of the breaches. For the
reasons set in paragraph 2.6 of this Notice, the FSA considers that Mr Hussain’s
failings, which continued for nearly three years, are of a serious nature. The
weaknesses in Habib’s systems and controls resulted in an unacceptable risk that
Habib could have handled the proceeds of crime.

The extent to which the breach was deliberate or reckless

6.7.
The FSA does not consider that Mr Hussain’s conduct was deliberate or reckless.

Whether the person on whom the penalty is to be imposed is an individual

6.8.
The FSA has had regard to the fact that the financial penalty is likely to have a
significant impact on Mr Hussain as an individual and that he has now retired from
working in the financial services industry.

The size, financial resources and other circumstances of the person on whom the
penalty is to be imposed

6.9.
The FSA has taken into account the income received by Mr Hussain from Habib
during the Relevant Period and considered his ability to pay the financial penalty. The
FSA has seen no evidence that Mr Hussain is unable to pay the financial penalty.

Conduct following the breach

6.10. Mr Hussain has co-operated with the FSA's investigation.

Disciplinary record and compliance history

6.11. The FSA has taken into account the fact that Mr Hussain has not been the subject of
previous disciplinary action.

Previous action taken by the FSA

6.12. In determining whether and what financial penalty to impose on Mr Hussain, the FSA
has taken into account action taken by the FSA in relation to other approved persons
for comparable behaviour.

7.
PROCEDURAL MATTERS

Decision makers

7.1.
The decision which gave rise to the obligation to give this Final Notice was made by
the Settlement Decision Makers.

7.2.
This Final Notice is given under and in accordance with section 390 of the Act.

Manner of and time for Payment

7.3
The financial penalty must be paid in full by Mr Hussain to the FSA by no later than
18 May 2012, 14 days from the date of the Final Notice.

If the financial penalty is not paid

7.4
If all or any of the financial penalty is outstanding on 19 May 2012, the FSA may
recover the outstanding amount as a debt owed by Mr Hussain and due to the FSA.

7.5
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of information
about the matter to which this notice relates. Under those provisions, the FSA must
publish such information about the matter to which this notice relates as the FSA
considers appropriate. The information may be published in such manner as the FSA
considers appropriate. However, the FSA may not publish information if such
publication would, in the opinion of the FSA, be unfair to Mr Hussain or prejudicial
to the interests of consumers.

7.6
The FSA intends to publish such information about the matter to which this Final
Notice relates as it considers appropriate.

FSA contacts

7.7
For more information concerning this matter generally, you should contact Lance
Ellison (direct line: 020 7066 2422 / fax: 020 7066 2423) of the Enforcement and
Financial Crime Division of the FSA.

....................................................................................

FSA Enforcement and Financial Crime Division

APPENDIX

RELEVANT STATUTORY AND REGULATORY PROVISIONS

1.
Under section 66(1) of the Act, the FSA may impose a financial penalty on an
approved person as it considers appropriate where it appears to the FSA that a person
is guilty of misconduct and it is satisfied that it is appropriate in all the circumstances
to take action against him. Section 66(2)(a) provides that a person is guilty of
misconduct if, whilst an approved person, he has failed to comply with the Statements
of Principle issued under section 64 of the Act.

FSA’s Statements of Principle and Code of Practice for Approved Persons

2.
The FSA’s Statements of Principle and Code of Practice for Approved Persons are
issued by the FSA pursuant to section 64 of the Act and contains general statements
regarding the fundamental obligations of approved persons under the regulatory
system.

3.
Statement of Principle 7 states:

“An approved person performing a significant influence function must take
reasonable steps to ensure that the business of the firm for which he is responsible in
his controlled function complies with the relevant requirements and standards of the
regulatory system.”

4.
APER 4.7.2 E sets out descriptions of conduct which, in the opinion of the FSA, do
not comply with Statement of Principle 7.

5.
APER 4.7.3 E states:

Failing to take reasonable steps to implement (either personally or through a
compliance department or other departments) adequate and appropriate systems of
control to comply with the relevant requirements and standards of the regulatory
system in respect of its regulated activities falls within APER 4.7.2 E.

6.
APER 4.7.4 E states:

Failing to take reasonable steps to monitor (either personally or through a compliance
department or other departments) compliance with the relevant requirements and
standards of the regulatory system in respect of its regulated activities falls within
APER 4.7.2 E (see APER 4.7.12 G).

7.
APER 4.7.5 E states:

Failing to take reasonable steps adequately to inform himself about the reason why
significant breaches (whether suspected or actual) of the relevant requirements and
standards of the regulatory system in respect of its regulated activities may have
arisen (taking account of the systems and procedures in place) falls within APER
4.7.2 E.

8.
APER 4.7.6 E states:

Behaviour of the type referred to in APER 4.7.5 E includes, but is not limited to,
failing to investigate what systems or procedures may have failed including, where
appropriate, failing to obtain expert opinion on the adequacy of the systems and
procedures.

9.
APER 4.7.7 E states:

Failing to take reasonable steps to ensure that procedures and systems of control are
reviewed and, if appropriate, improved, following the identification of significant
breaches (whether suspected or actual) of the relevant requirements and standards of
the regulatory system relating to its regulated activities, falls within APER 4.7.2 E
(see APER 4.7.13 G).

10.
APER 4.7.9 E states:

In the case of the money laundering reporting officer, failing to discharge the
responsibilities imposed on him by the firm in accordance with SYSC 3.2.6I R or
SYSC 6.3.9 R falls within APER 4.7.2 E.

11.
APER 4.7.10 E states:

In the case of an approved person performing a significant influence function
responsible for compliance under SYSC 3.2.8 R, SYSC 6.1.4 R or SYSC 6.1.4A R,
failing to take reasonable steps to ensure that appropriate compliance systems and
procedures are in place falls within APER 4.7.2 E (see APER 4.7.14 G).

12.
APER 4.7.11 G states:

The FSA expects an approved person performing a significant influence function to
take reasonable steps both to ensure his firm's compliance with the relevant
requirements and standards of the regulatory system and to ensure that all staff are
aware of the need for compliance.

An approved person performing a significant influence function need not himself put
in place the systems of control in his business (APER 4.7.4 E). Whether he does this
depends on his role and responsibilities. He should, however, take reasonable steps to
ensure that the business for which he is responsible has operating procedures and
systems which include well-defined steps for complying with the detail of relevant
requirements and standards of the regulatory system and for ensuring that the business
is run prudently. The nature and extent of the systems of control that are required will
depend upon the relevant requirements and standards of the regulatory system, and
the nature, scale and complexity of the business.

14.
APER 3.1.4 G states:

An approved person will only be in breach of a Statement of Principle where he is
personally culpable. Personal culpability arises where an approved person’s conduct
was deliberate or where the approved person’s standard of conduct was below that
which would be reasonably in all the circumstances.

15.
Enforcement Guide 2.25 (3) states:

Guidance and supporting materials are, however, potentially relevant to an
enforcement case and a decision maker may take them into account in considering the
matter. Examples of the ways in which the FSA may seek to use guidance and
supporting materials in an enforcement context include: (3) to inform a view of the
overall seriousness of the breaches e.g. the decision maker could decide that the
breach warranted a higher penalty in circumstances where the FSA had written to
chief executives in the sector in question to reiterate the importance of ensuring a
particular aspect of its business complied with relevant regulatory standards.

FSA’s rules and guidance on MLROs

16.
The FSA’s Senior Management Arrangements, Systems and Controls (SYSC) 6.1.1 R
states:

A firm must establish, implement and maintain adequate policies and procedures
sufficient to ensure compliance of the firm including its managers, employees and
appointed representatives (or where applicable, tied agents) with its obligations under
the regulatory system and for countering the risk that the firm might be used to further
financial crime.

17.
SYSC 6.3.1 R states:

A firm must ensure the policies and procedures established under SYSC 6.1.1 R
include systems and controls that:

(1) enable it to identify, assess, monitor and manage money laundering risk;
and

(2) are comprehensive and proportionate to the nature, scale and complexity
of its activities.

18.
SYSC 6.3.9 R states:

A firm (with the exception of a sole trader who has no employees) must:

(1) appoint an individual as MLRO, with responsibility for oversight of its
compliance with the FSA's rules on systems and controls against money
laundering; and

(2) ensure that its MLRO has a level of authority and independence within
the firm and access to resources and information sufficient to enable him to
carry out that responsibility.

19.
SYSC 6.3.10 G states:

The job of the MLRO within a firm is to act as the focal point for all activity within
the firm relating to anti-money laundering. The FSA expects that a firm's MLRO will
be based in the United Kingdom.

Relevant extracts from the Money Laundering Regulations 2007

Enhanced customer due diligence and ongoing monitoring (Regulation 14)

(1) A relevant person must apply on a risk-sensitive basis enhanced customer due
diligence measures and enhanced ongoing monitoring—

(a) in accordance with paragraphs (2) to (4);

(b) in any other situation which by its nature can present a higher risk of
money laundering or terrorist financing.

(2) Where the customer has not been physically present for identification purposes, a
relevant person must take specific and adequate measures to compensate for the
higher risk, for example, by applying one or more of the following measures—

(a) ensuring that the customer’s identity is established by additional
documents, data or information;

(b) supplementary measures to verify or certify the documents supplied, or
requiring confirmatory certification by a credit or financial institution which is
subject to the money laundering directive;

(c) ensuring that the first payment is carried out through an account opened in
the customer’s name with a credit institution.

(3) A credit institution (“the correspondent”) which has or proposes to have a
correspondent banking relationship with a respondent institution (“the respondent”)
from a non-EEA state must—

(a) gather sufficient information about the respondent to understand fully the
nature of its business;

(b) determine from publicly-available information the reputation of the
respondent and the quality of its supervision;

(c) assess the respondent’s anti-money laundering and anti-terrorist financing
controls;

(d) obtain approval from senior management before establishing a new
correspondent banking relationship;

(e) document the respective responsibilities of the respondent and
correspondent; and

(f) be satisfied that, in respect of those of the respondent’s customers who
have direct access to accounts of the correspondent, the respondent—

(i) has verified the identity of, and conducts ongoing monitoring in
respect of, such customers; and

(ii) is able to provide to the correspondent, upon request, the
documents, data or information obtained when applying customer due
diligence measures and ongoing monitoring.

(4) A relevant person who proposes to have a business relationship or carry out an
occasional transaction with a politically exposed person must—

(a) have approval from senior management for establishing the business
relationship with that person;

(b) take adequate measures to establish the source of wealth and source of
funds which are involved in the proposed business relationship or occasional
transaction; and

(c) where the business relationship is entered into, conduct enhanced ongoing
monitoring of the relationship.

(5) In paragraph (4), “a politically exposed person” means a person who is—

(a) an individual who is or has, at any time in the preceding year, been
entrusted with a prominent public function by—

(i) a state other than the United Kingdom;

(ii) a Community institution; or

(iii) an international body,

including a person who falls in any of the categories listed in paragraph
4(1)(a) of Schedule 2;

(b) an immediate family member of a person referred to in sub-paragraph (a),
including a person who falls in any of the categories listed in paragraph
4(1)(c) of Schedule 2; or

(c) a known close associate of a person referred to in sub-paragraph (a),
including a person who falls in either of the categories listed in paragraph
4(1)(d) of Schedule 2.

(6) For the purpose of deciding whether a person is a known close associate of a
person referred to in paragraph (5)(a), a relevant person need only have regard to
information which is in his possession or is publicly known.

Policies and procedures (Regulation 20)

(1) A relevant person must establish and maintain appropriate and risk-sensitive
policies and procedures relating to—

(a) customer due diligence measures and ongoing monitoring;

(b) reporting;

(c) record-keeping;

(d) internal control;

(e) risk assessment and management;

(f) the monitoring and management of compliance with, and the internal
communication of, such policies and procedures,

in order to prevent activities related to money laundering and terrorist financing.

(2) The policies and procedures referred to in paragraph (1) include policies and
procedures—

(a) which provide for the identification and scrutiny of—

(i) complex or unusually large transactions;

(ii) unusual patterns of transactions which have no apparent economic
or visible lawful purpose; and

(iii) any other activity which the relevant person regards as particularly
likely by its nature to be related to money laundering or terrorist
financing;

(b) which specify the taking of additional measures, where appropriate, to
prevent the use for money laundering or terrorist financing of products and
transactions which might favour anonymity;

(c) to determine whether a customer is a politically exposed person;

(d) under which—

(i) an individual in the relevant person’s organisation is a nominated
officer under Part 7 of the Proceeds of Crime Act 2002 and Part 3 of
the Terrorism Act 2000;

ii) anyone in the organisation to whom information or other matter
comes in the course of the business as a result of which he knows or
suspects or has reasonable grounds for knowing or suspecting that a
person is engaged in money laundering or terrorist financing is
required to comply with Part 7 of the Proceeds of Crime Act 2002 or,
as the case may be, Part 3 of the Terrorism Act 2000; and

(iii) where a disclosure is made to the nominated officer, he must
consider it in the light of any relevant information which is available to
the relevant person and determine whether it gives rise to knowledge
or suspicion or reasonable grounds for knowledge or suspicion that a
person is engaged in money laundering or terrorist financing.

(3) Paragraph (2)(d) does not apply where the relevant person is an individual who
neither employs nor acts in association with any other person.

(4) A credit or financial institution must establish and maintain systems which enable
it to respond fully and rapidly to enquiries from financial investigators accredited
under section 3 of the Proceeds of Crime Act 2002 (accreditation and training),
persons acting on behalf of the Scottish Ministers in their capacity as an enforcement
authority under that Act, officers of Revenue and Customs or constables as to—

(a) whether it maintains, or has maintained during the previous five years, a
business relationship with any person; and

(b) the nature of that relationship.

(5) A credit or financial institution must communicate where relevant the policies and
procedures which it establishes and maintains in accordance with this regulation to its
branches and subsidiary undertakings which are located outside the United Kingdom.

(6) In this regulation—

“politically exposed person” has the same meaning as in regulation 14(4);

“subsidiary undertaking” has the same meaning as in regulation 15.

Training (Regulation 21)

A relevant person must take appropriate measures so that all relevant employees of
his are—

(a) made aware of the law relating to money laundering and terrorist
financing; and

(b) regularly given training in how to recognise and deal with transactions and
other activities which may be related to money laundering or terrorist
financing.

OTHER RELEVANT PROVISIONS

Relevant extracts from the JMLSG Guidance

Part 1, Chapter 5

5.5 Enhanced due diligence

1.
Paragraph 5.5.1 - A firm must apply EDD measures on a risk-sensitive basis in any
situation which by its nature can present a higher risk of money laundering or terrorist
financing. As part of this, a firm may conclude, under its risk-based approach, that the
standard evidence of identity is insufficient in relation to the money laundering or
terrorist financing risk, and that it must obtain additional information about a
particular customer.

2.
Paragraph 5.5.5 - A firm should hold a fuller set of information in respect of those
customers, or class/category of customers, assessed as carrying a higher money
laundering or terrorist financing risk, or who are seeking a product or service that
carries a higher risk of being used for money laundering or terrorist financing
purposes.

3.
Paragraph 5.5.9 - The ML Regulations prescribe three specific types of relationship in
respect of which EDD measures must be applied. These are:

(a)
where the customer has not been physically present for identification
purposes;

(b)
in respect of a correspondent banking relationship;

(c)
in respect of a business relationship or occasional transaction with a PEP.

Politically exposed persons

4.
Paragraph 5.5.18 - Individuals who have, or have had, a high political profile, or hold,
or have held, public office, can pose a higher money laundering risk to firms as their
position may make them vulnerable to corruption. This risk also extends to members
of their immediate families and to known close associates. PEP status itself does not,

of course, incriminate individuals or entities. It does, however, put the customer, or
the beneficial owner, into a higher risk category.

5.
Paragraph 5.5.25 - Firms are required, on a risk-sensitive basis, to:

(a)
have appropriate risk-based procedures to determine whether a customer is a
PEP;

(b)
obtain appropriate senior management approval for establishing a business
relationship with such a customer;

(c)
take adequate measures to establish the source of wealth and source of funds
which are involved in the business relationship or occasional transaction; and

(d)
conduct enhanced ongoing monitoring of the business relationship.

Risk-based procedures

6.
Paragraph 5.5.28 - It is for each firm to decide the steps it takes to determine whether
a PEP is seeking to establish a business relationship for legitimate reasons, and which
measures it deems adequate to determine the source of funds and source of wealth.
Firms may wish to refer to information sources such as asset and income declarations,
which some jurisdictions expect certain senior public officials to file and which often
include information about an official’s source of wealth and current business interests.
Firms should note that not all declarations are publicly available and that a PEP
customer may have legitimate reasons for not providing a copy. Firms should also be
aware that some jurisdictions impose restrictions on their PEPs’ ability to hold foreign
bank accounts or to hold other office or paid employment.

On-going monitoring

7.
Paragraph 5.5.30 - Guidance on the on-going monitoring of the business relationship
is given in section 5.7. Firms should remember that new and existing customers may
not initially meet the definition of a PEP, but may subsequently become one during
the course of a business relationship. The firm should, as far as practicable, be alert to
public information relating to possible changes in the status of its customers with
regard to political exposure. When an existing customer is identified as a PEP, EDD
must be applied to that customer.

Part I, Chapter 7 - Staff awareness, training and alertness

8.
Paragraph 7.23 - Relevant employees should be trained in what they need to know in
order to carry out their particular role. Staff involved in customer acceptance, in
customer servicing, or in settlement functions will need different training, tailored to
their particular function. This may involve making them aware of the importance of
the “know your customer” requirements for money laundering prevention purposes,
and of the respective importance of customer ID procedures, obtaining additional
information and monitoring customer activity. The awareness raising and training in
this respect should cover the need to verify the identity of the customer, and
circumstances when it should be necessary to obtain appropriate additional customer

information in the context of the nature of the transaction or business relationship
concerned.

9.
Paragraph 7.24 - Relevant employees should also be made aware of the particular
circumstances of customers who present a higher risk of money laundering or terrorist
financing, or who are financially excluded. Training should include how identity
should be verified in such cases, what additional steps should be taken, and/or what
local checks can be made.